LookupAccountSid and trust relationship

Armand Welsh armand at welshhome.org
Thu Dec 14 21:52:28 GMT 2000

*This message was transferred with a trial version of CommuniGate(tm) Pro*
cool, I will have to try that, to see how it works, essentially, that is
exactly what I was going to test tonight, but now I can feel pretty
confident that it will work.   Instead of @root, I am going to create a
group called Adminsitrators just like NT uses, and set the line as "domain
admin group = @administrators" and see how that works, then I was also going
to play with aliasing root to administrator in the /etc/smbpasswd file.  If
the account shows up as administrator on the win2k machine, then it will
feel more natural to me.

----- Original Message -----
From: "Torsten Curdt" <tcurdt at dff.st>
To: "Armand Welsh" <armand at welshhome.org>; <samba-ntdom at lists.samba.org>
Sent: Thursday, December 14, 2000 11:04 AM
Subject: RE: LookupAccountSid and trust relationship

> *This message was transferred with a trial version of CommuniGate(tm) Pro*
> > I have similar problem.  What I noticed, (i think it's documented
> > in a .txt
> > file somwhere in the CVS tree) is that the win2K system does not
> > Domain Admins to be a member of the Administrators group.  And
> > It's not the
> > same group.  Administrators is the local system adminsitrators
> > group.  Since
> > samba doesn't support trusts yet, you can not add the Domain Admins
> > or the domain user, to the administrators group on your win2k system;
> > function requires trusts to communicate the exchange of rights/perms).
> I just tried the following:
>  domain admin user = root
>  domain admin group = @root
> Which gave me now Administrator rights on the each local machine!!
> But still gives me the LookupAccountSid error!
>   User Group Policy results for:
>   DFF\root
>   Domain Name:          DFF
>   Domain Type:          Windows NT v4
>   Roaming profile:      \\mogh\profiles\root
>   Local profile:        C:\Dokumente und Einstellungen\root.DFF
>   The user is a member of the following security groups:
> LookupAccountSid failed with 1789.
>         \Jeder
>         VORDEFINIERT\Benutzer
>         VORDEFINIERT\Administratoren    <---- YES!!!
> LookupAccountSid failed with 1789.
> LookupAccountSid failed with 1789.
>         \LOKAL
>         NT-AUTORIT-T\Authentifizierte Benutzer
> --
> Torsten

More information about the samba-ntdom mailing list